
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office

Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 10/661,734
FILING DATE: 09/12/2003
FIRST NAMED INVENTOR: Donald Fedyk
ATTORNEY DOCKET NO.: 120-279
CONFIRMATION NO.: 8301



34845 7590 08/09/2007 

McGUINNESS & MANARAS LLP 
125 NAGOG PARK 
ACTON, MA 01720 



EXAMINER: TASHAKKORI, MITRA
ART UNIT: 2109
PAPER NUMBER:
MAIL DATE: 08/09/2007
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



Office Action Summary

Application No.: 10/661,734
Applicant(s): FEDYK ET AL
Examiner: Mitra Tashakkori
Art Unit: 2109





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) ☒ Responsive to communication(s) filed on 12 September 2003.

2a) □ This action is FINAL. 2b) ☒ This action is non-final.

3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) ☒ Claim(s) 1-17 is/are pending in the application.

4a) Of the above claim(s) _____ is/are withdrawn from consideration.

5) □ Claim(s) _____ is/are allowed.

6) ☒ Claim(s) 1-17 is/are rejected.

7) ☒ Claim(s) 1-17 is/are objected to.

8) □ Claim(s) _____ are subject to restriction and/or election requirement.

Application Papers 

9) ☒ The specification is objected to by the Examiner.

10) ☒ The drawing(s) filed on 12 September 2003 is/are: a) □ accepted or b) ☒ objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) □ All b) □ Some * c) □ None of:

1. □ Certified copies of the priority documents have been received.

2. □ Certified copies of the priority documents have been received in Application No. _____.

3. □ Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) ☒ Notice of References Cited (PTO-892)

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) ☒ Information Disclosure Statement(s) (PTO/SB/08)
Paper No(s)/Mail Date 05/09/2005.

4) □ Interview Summary (PTO-413)
Paper No(s)/Mail Date. _____

5) □ Notice of Informal Patent Application

6) □ Other: _____



U.S. Patent and Trademark Office
PTOL-326 (Rev. 08-06) Office Action Summary Part of Paper No./Mail Date 20070711



Application/Control Number: 10/661,734 Page 2 

Art Unit: 2109 

1. This is in response to application filed on September 12, 2003, in which claims 1-17 are 
presented for examination. 

Status of Claims 

2. Claims 1-17 are pending, of which claims 1, 7, 10, and 14 are in independent form. 

Drawings 

3. Figure 1 should be designated by a legend such as —Prior Art— because only that which is 
old is illustrated. See MPEP § 608.02(g). Corrected drawings in compliance with 37 CFR 
1.121(d) are required in reply to the Office action to avoid abandonment of the application. The 
replacement sheet(s) should be labeled "Replacement Sheet" in the page header (as per 37 CFR 
1.84(c)) so as not to obstruct any portion of the drawing figures. If the changes are not accepted 
by the examiner, the applicant will be notified and informed of any required corrective action in 
the next Office action. The objection to the drawings will not be held in abeyance. 

4. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they
include the following reference character(s) not mentioned in the description: "VPN A", "@ VPN 
A", "VPN B" and "@ VPN B" in Figure 1; "Site 1 @ VPN A", "Source", "Site 2 @ VPN B", "20", 
"22", "23", "24", "25", "26", "27", "28", "Site 3 @ VPN A", "Destination" and "Site 4 @ VPN B" in 
Figure 2; "33" in Figure 3; and "209" in Figure 5. Corrected drawing sheets in compliance with 
37 CFR 1.121(d), or amendment to the specification to add the reference character(s) in the 
description in compliance with 37 CFR 1.121(b) are required in reply to the Office action to avoid 
abandonment of the application. Any amended replacement drawing sheet should include all of 
the figures appearing on the immediate prior version of the sheet, even if only one figure is being
amended. Each drawing sheet submitted after the filing date of an application must be labeled 
in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If 
the changes are not accepted by the examiner, the applicant will be notified and informed of any 
required corrective action in the next Office action. The objection to the drawings will not be 
held in abeyance. 

5. The drawings are objected to under 37 CFR 1.83(a) because they fail to show, in Figure 4, 
that after completing step 106, the process returns to step 105 to wait; in Figure 5, that a "yes" to 
the question in step 208 results in moving to step 209 before step 210, while a "no" results in 
moving directly to step 210; and in Figure 5, the steps of downloading the key to the member as 
well as auto-discovering the other members, as described in the specification. Any structural 
detail that is essential for a proper understanding of the disclosed invention should be shown in 
the drawing. MPEP § 608.02(d). Corrected drawing sheets in compliance with 37 CFR 1.121(d) 
are required in reply to the Office action to avoid abandonment of the application. Any 
amended replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. The figure or 
figure number of an amended drawing should not be labeled as "amended." If a drawing figure 
is to be canceled, the appropriate figure must be removed from the replacement sheet, and 
where necessary, the remaining figures must be renumbered and appropriate changes made to 
the brief description of the several views of the drawings for consistency. Additional 
replacement sheets may be necessary to show the renumbering of the remaining figures. Each 
drawing sheet submitted after the filing date of an application must be labeled in the top margin 
as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are 
not accepted by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not be held in
abeyance. 



6. In addition to Replacement Sheets containing the corrected drawing figure(s), applicant 
is required to submit a marked-up copy of each Replacement Sheet including annotations 
indicating the changes made to the previous version. The marked-up copy must be clearly 
labeled as "Annotated Sheets" and must be presented in the amendment or remarks section that 
explains the change(s) to the drawings. See 37 CFR 1.121(d)(1). Failure to timely submit the 
proposed drawing and marked-up copy will result in the abandonment of the application. 



Specification 

7. The abstract of the disclosure is objected to because: 

• the first word of sentence 4 is written "AS" and should be "As" instead; 

• "Routing Functionality" is not consistently capitalized; and 

• "GSA" is defined, but "group SA" is not. 
Correction is required. See MPEP § 608.01(b). 

8. The disclosure is objected to because of the following informalities: 

• the wording of "network architecture capable includes a device" on pg. 4, line 13; 

• a missing comma between "devices" and "is provided" on pg. 5, line 9; 

• the wording of "Security/Routing device the present invention" on pg. 5, line 28; 

• the wording of "be achieved adding a" on pg. 6, line 14; 




• a missing space in the middle of "areidentified" on pg. 6, line 23; 

• "the S/R provides" should be "the S/R device provides" on pg. 7, line 1;

• the extra period mark on pg. 7, line 6; 

• the wording of "the information need to secure" on pg. 7, line 11; 

• the wording of "and one more data security protocol SAs" on pg. 7, line 23; 

• a period in the middle of a sentence on pg. 8, line 6; 

• the wording of "In general, BGP-4 two systems form" on pg. 9, line 3;

• the wording of "optionally identifiers" on pg. 11, line 20; 

• the wording and punctuation of "the member forwards route information optionally 
encrypting the information using a GSA for the member to the S/R 30, where the 
route information is distributed to other members optionally encrypted using the 
GSA" on pg. 11, line 22; and 

• the spelling of "tot he" on pg. 12, line 26. 
Appropriate correction is required. 

9. The incorporation of essential material in the specification by reference to an 
unpublished U.S. application, foreign application or patent, or to a publication is improper. 
Applicant is required to amend the disclosure to include the material incorporated by reference, 
if the material is relied upon to overcome any objection, rejection, or other requirement imposed 
by the Office. The amendment must be accompanied by a statement executed by the applicant, 
or a practitioner representing the applicant, stating that the material being inserted is the 
material previously incorporated by reference and that the amendment contains no new matter. 
37 CFR 1.57(f). 

Claim Objections

10. The claims are objected to because many of them are crowded too closely to one another, 
making it difficult to see where one ends and the next begins. Substitute claims with adequate 
spacing in between claims are required. For example, duplicating the spacing found between 
claims 1 and 2, on page 14, lines 14-16, to replace the current spacing between any two claims 
would ensure claims are visually distinct and easily recognizable. See 37 CFR 1.52(b). 

11. Claims 1, 10-12, 14 and 17 are objected to because of the following informalities: 

• there is no clear indication in the disclosure as to what is meant by a "device" of the 
autonomous system recited in claim 1. This term is frequently used in the art, but it 
is unclear which of several standard definitions are to be applied. 

• the word "and" is missing before the final limitation of claim 10, on pg. 15, line 17; 

• the preamble of claim 11 recites "method of claim 10 including" rather than "method
of claim 10 further including," which is more clear and consistent with other claims; 

• the missing colon mark (":") at the end of the preamble of claim 12, on pg. 16, line 28; 

• the word "and" is missing before the final limitation of claim 12, on pg. 16, line 2; 

• the word "and" is missing before the final limitation of claim 14, on pg. 16, line 2; 

• the word "system" in claim 14 should be pluralized, on pg. 16, line 11; 

• the sub-group of limitations in claim 14 should be indented, on pg. 16, lines 14-18; 

• the word "and" is missing from the sub-grouping of limitations describing the 
"means for providing secure communications" in claim 14, on pg. 16, line 15; 

• the phrasing of "routes to each of the autonomous systems in the group to other 
autonomous system in the group" in claim 14, on pg. 16, line 16, is unclear; 

• the word "system" in claim 15 should be pluralized, on pg. 16, line 20; and

• claim 17 recites auto-discovery means for identifying group members, and it depends 
on claim 16, which recites a list as the means for identifying group members. Thus, 
the mechanism for identifying members has already been established in claim 16, so 
the dependency of claim 17 on claim 16 seems improper. 

Appropriate correction is required. 

12. Claim 2 is objected to under 37 CFR 1.75(c), as being of improper dependent form for 
failing to further limit the subject matter of a previous claim. Applicant is required to cancel the 
claim(s), or amend the claim(s) to place the claim(s) in proper dependent form, or rewrite the 
claim(s) in independent form. 

13. Claim 2 does not offer any additional limitations, but merely refers to claim 1. 

Claim Rejections - 35 USC § 112 

14. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

15. Claims 14-17 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply with 
the enablement requirement. The claim(s) contains subject matter which was not described in 
the specification in such a way as to enable one skilled in the art to which it pertains, or with 
which it is most nearly connected, to make and/or use the invention.

16. Claim 14 recites a "means for assigning a security association to the group," but the 
specification relies upon improperly incorporated references to provide essential material 
regarding these means. Therefore, the disclosure does not enable the function of assigning a 
security association to a group. 

17. Claims 15-17 depend on claim 14 and are also rejected on the same grounds. 

18. Further, claim 17 recites auto-discovery means, also not enabled due to the improper 
incorporation of essential material that enables this function. 

19. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

20. Claims 1-17 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards 
as the invention. 

21. Claim 1 recites the limitation "the route information received from each member" in line 
10 of the claim. There is insufficient antecedent basis for this limitation in the claim. 

22. Claim 2-6 depend on claim 1 and are rejected on the same grounds. 

23. Claim 2 is additionally rejected because it simply recites "The method of claim 1, wherein
the step of reflecting the route information," clearly failing to particularly point out and 
distinctly claim any intended subject matter. 

24. Claim 3 is additionally rejected because the scope of the term "registration request" is 
unclear, and the specification does not provide insight into the intended meaning of this term. 

25. Claim 4 is additionally rejected because it recites the limitation "according to claim 4" in 
line 1 of the claim. There is insufficient antecedent basis for this limitation in the claim. 

26. Claim 5 is additionally rejected because it recites the limitation "according to claim 5" in 
line 1 of the claim. There is insufficient antecedent basis for this limitation in the claim. 

27. Claim 7 recites "functionality for" various tasks, which is enabled by the disclosure; 
however, without impermissibly limiting the claim based on the specification, it is not possible 
to define the metes and bounds of what "functionality" entails. 

28. Claims 8 and 9 depend on claim 7 and are rejected on the same grounds. 


29. Claim 10 recites the limitation "another coupled device" in line 5 of the claim. There is 
insufficient antecedent basis for this limitation in the claim. In order to identify "another" 
device, a first device must have already been identified, and there is no other device recited in 
the claim. 

30. Claims 11-13 depend on claim 10 and are rejected on the same grounds.

31. Claim 11 is additionally rejected because it recites the limitation "the coupled device" in 
line 2 of the claim. There is insufficient antecedent basis for this limitation in the claim. It is 
unclear whether "the coupled device" is referring to "another coupled device" recited in the 
previous claim or to some different device, one that has not yet been disclosed. 

32. Further, claim 11 is additionally rejected because it recites the limitation "the routing 
information" in line 4 of the claim. There is insufficient antecedent basis for this limitation in 
the claim. Given that claim 10 recites "routing information for the one member" and claim 11 
recites "routing information associated with the at least one other member," it is unclear which 
member's routing information is being referred to in the limitation of claim 11 which recites 
"wherein the routing information is secured." 

33. Claim 12 is additionally rejected because it recites the limitation "the routing 
information" in line 2 of the claim. There is insufficient antecedent basis for this limitation in 
the claim. Given that claim 10 recites "routing information for the one member," claim 11 recites 
"routing information associated with the at least one other member," and both claims recite "the 
routing information being secured," it is unclear which routing information claim 12 is referring 
to in the step of "restoring the routing information." 

34. Claim 13 is additionally rejected because it recites the limitation "the routing 
information" in line 2 of the claim. There is insufficient antecedent basis for this limitation in 
the claim. Given that claim 10 recites "routing information for the one member," and claim 11 
recites "routing information associated with the at least one other member," it is unclear which
routing information claim 13 refers to when building a tunnel "using the routing information."
Further, since both claims 10 and 11 recite "the routing information being secured," and claim 12
includes the steps of "restoring the routing information" and "forwarding" data "using the 
restored routing information," it is unclear whether or not "the routing information" recited in 
claim 13 refers to the restored routing information used in the forwarding step of claim 12. 

35. Claim 14 recites a "means for assigning a security association to the group," but the 
specification relies upon improperly incorporated references to provide essential material 
regarding these means. Therefore, the disclosure does not provide the necessary information to 
clearly define the scope of this claim. Further, it is unclear whether the claim is intended to 
define the network, as would be suggested by the preamble, or the "means for providing secure 
communications," as is suggested by the second "comprising:" terminology. 

36. Claims 15-17 depend on claim 14 and are also rejected on the same grounds. 

37. Further, claim 17 recites auto-discovery means, also indefinite due to the improper 
incorporation of essential material regarding this function. 

Claim Rejections - 35 USC § 101 

38. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

39. Claims 7-9 and 14-17 are rejected under 35 U.S.C. 101 because the claimed invention is
directed to non-statutory subject matter. 

40. Claim 7 recites a "device" comprising "security association functionality" and "route reflection 
functionality," neither of which is limited to being implemented using hardware. The possibility of being 
implemented as software is evidenced in the specification on pg. 12, line 6. 

41. Claims 8-9 are dependent on claim 7 and are rejected on the same grounds. 

42. Claim 14 recites a "network comprising a group of interconnected autonomous systems" and "means 
for" doing various tasks, those means being comprised of additional "means for" functions. While the 
autonomous systems themselves are tangible devices, the "means for" functionality is not limited to hardware 
implementations, as is discussed regarding claim 7. The claim language does not require the autonomous 
systems to perform any function; rather, they are the objects the function is performed on. Thus, the claim 
presents functional descriptive material not embodied in a tangible medium, which is non-statutory subject 
matter. 

43. Claims 15-17 depend on claim 14 and are rejected on the same grounds. 



Claim Rejections - 35 USC § 102 



44. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 
21(2) of such treaty in the English language. 

45. Claims 1-3, 7, and 9-15 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Hanzlik et al. US 2004/0044891 A1, filed on September 4, 2002.

46. As per claim 1, Hanzlik discloses A method of securing communication between 
at least two members of a group as a system and method for secure group 
communications (pg. 2, [0024]) through the implementation of a Virtual Private Group (VPG) 
communication system (pg. 2, [0027]). Hanzlik discloses wherein each member is an 
autonomous system [i.e. a collection of systems or devices operating under a single routing 
policy or domain, therefore able to communicate with one another without the use of the public 
backbone] comprising one or more devices as the capability for group members to exist 
behind a Network Address Translation (NAT) device (pg. 2, [0028]). Further, Hanzlik provides 
"capability for interdomain VPG's," (pg. 5, [0053]). Interdomain VPG's are essentially groups 
having members from different autonomous systems. Hanzlik discloses forwarding, to at
least one member of the group, a group security association [i.e. a set of information
that defines how a group communicates securely, generally including policy and keys for 
securing communications] corresponding to the group as sending a copy of the security 
policy, as well as a set of shared encryption keys and a membership key, from a policy server to 
the group nodes, where this information is used to secure group communications (pg. 4, 
[0043]). Hanzlik discloses receiving, from the at least one member of the group, 
route information enabling communication with each of the one or more devices 
of the autonomous system corresponding to the member as a management feature of 
the policy server, which manages group membership within its security domain (pg. 4, [0041]). 
Each node has an identifier, which may be an IP address (pg. 6, [0069]). When a node first 
contacts the policy server, its IP address (or that of the NAT device it is behind) is recorded
when the node is authenticated (pg. 7, [0075]). Hanzlik discloses identifying at least one 
other member of the group as creating a VPG membership list on the policy server, then 
adding members to that list and establishing secure connections between the policy server and 
the member nodes (pg. 5, [0060]). Hanzlik discloses reflecting the route information 
received from each member of the group to the at least one other member of the 
group as sending "the membership list from the policy server to each of the group members," 
(pg. 5, [0061]) where the membership list presents group members by IP address and is applied
to incoming and outgoing packets (pg. 4, [0043]). Hanzlik discloses including the step of 
securing the route information using the group security association as establishing 
secure communications between the policy server and each node using one of the keys sent from 
the policy server to the node (pg. 4, [0042]). Encryption keys sent from the policy server to the 
group members are used to secure all communications, and include keys used to communicate 
with the policy server (pg. 4, [0043]). 

47. As per claim 2, The method of claim 1, wherein the step of reflecting the route 
information does not further limit the scope of claim 1, and therefore is rejected using the 
same argument as was used above, to reject claim 1. 

48. As per claim 3, Hanzlik discloses The method according to claim 1, further 
comprising the step of receiving a registration request from the at least one
member of the group as the initial contact by a node asking for a VPG table (pg. 7, [0075]), 
which includes the IP addresses and security association data for other members of the VPG (pg. 
7, [0070]). 

49. As per claim 7, Hanzlik discloses A device for providing secure communications
between at least two members of a group over a backbone as the policy server and
VPG, as discussed above in the analysis of claim 1. Hanzlik discloses security association
functionality for forwarding a group security association of the group to the at
least two members of the group as a function of the policy server, as discussed above in the
analysis of claim 1. Hanzlik discloses route reflection functionality, for identifying at
least one of the at least two members of the group, receiving routing information
for the at least one of the two members of the group, securing the routing
information for the at least one of the two members of the group using the group
security association and for forwarding the secured routing information to
another one of the at least two members of the group as another function of the policy
server, as discussed above in the analysis of claim 1.

50. As per claim 9, Hanzlik discloses The device of claim 7 wherein the functionality 
for identifying at least one of the two members of the group includes a list of 
members of the group as a VPG membership list, as discussed in the analysis of claim 1. 

51. As per claim 10, Hanzlik discloses A method for communicating securely by one
member of a group with at least one other member of the group over a backbone
as discussed above in the analysis of claim 1. Hanzlik discloses receiving, at the one
member, a group security association corresponding to the group as discussed
above in the analysis of claim 1. Hanzlik discloses forwarding, by the one member to
another coupled device [interpreted as referring to the source of the group security
association, i.e. the policy server], routing information for the one member as discussed
above in the analysis of claim 1. Hanzlik discloses the routing information being secured
using the group security association of the group as discussed above in the analysis of
claim 1.

52. As per claim 11, Hanzlik discloses The method of claim 10 including the steps of: 
receiving, at the one member, from the coupled device, routing information 
associated with the at least one other member of the group, wherein the routing 
information is secured using the group security association of the group as
receiving a member list with IP addresses of other members, as discussed above in the analysis
of claim 1. 

53. As per claim 12, Hanzlik discloses The method of claim 11 further comprising the 
steps of restoring [i.e. decrypting] the routing information using the group security 
association of the group as the inherent result of receiving information from the policy 
server via a secure connection. Hanzlik states that "VPG nodes receive group membership 
information, and other VPG parameters, from [the] policy server," and that they "use this 
information to encrypt and decrypt traffic," (pg. 4, [0043]). Hanzlik discloses securing a 
packet for transmission to the at least one other member of the group using the 
group security association to provide a secured packet as the step where a member 
uses the security policy and group membership keys to encrypt data transmitted to another 
member node (pg. 5, [0053]). Hanzlik discloses forwarding the secured packet to the at
least one other member using the restored routing information as the step where the 
member node applies the group membership list to all packets being sent or received (pg. 4, 
[0043]). 

54. As per claim 13, Hanzlik discloses The method of claim 12 wherein the step of
forwarding includes building a tunnel [i.e. a secure connection characterized by the use 
of a key to encrypt and decrypt data transferred between two points] to the at least one 
other member of the group using the routing information and the group security 
association as the use of the membership list and group keys, as discussed above in the 
analysis of claim 12, for symmetric encryption (pg. 3, [0034]). 

55. As per claim 14, Hanzlik discloses A network comprising: a group of 
interconnected autonomous system as discussed above in the analysis of claim 1. Hanzlik 
discloses means for providing secure communications between at least two of the 
autonomous systems in the group as discussed above in the analysis of claim 1. Hanzlik 
discloses means for assigning a security association to the group, wherein 
communications between members of the group are secured using the security 
association as a function of the policy server, where it is able to create security policy rules 
and a common set of encryption keys, then transmit that information to group members, who 
then use the policy and keys to encrypt and decrypt all communications, as discussed above in 
the analysis of claim 1. Hanzlik discloses means for reflecting routes to each of the 
autonomous systems in the group to other autonomous systems of the group, 
wherein the reflected routes are secured using the security association of the 
group as sending member data and membership lists containing address data from the policy 
server to each group member, as discussed above in the analysis of claim 1. 

56. As per claim 15, Hanzlik discloses The network according to claim 14, wherein 
the means for reflecting routes to each of the autonomous system in the group 
includes means for identifying each of the autonomous systems of the group as the 
identification information for each of the member nodes, stored with group security association
information within a group membership table, as discussed above in the analysis of claim 3. 

Claim Rejections - 35 USC § 103 

57. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

58. Claims 4-6, 8, and 16-17 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hanzlik as applied to claims 1-3, 7, and 9-15 above, and further in view of Mukherjee et al. US 
2004/0006708 A1, hereinafter referred to as Mukherjee.

59. As per claim 4, Hanzlik discloses The method according to claim 4 [interpreted to 
mean claim 3] as discussed above in the analysis of claim 3, but does not disclose wherein the 
registration request includes a list including the at least one other member of the 
group. However, Mukherjee discloses these additional limitations that are not disclosed by 
Hanzlik. Mukherjee discloses a registration process where the "subscriber identifies a group of 
users authorized" and states this information may be provided in the form of a list of members 
(Mukherjee, pg. 3, [0040]). It would be obvious to one skilled in the art to modify Hanzlik to 
include populating the member list, once created on the policy server (pg. 5, [0060]), using a 
member list information provided by a member node when first connecting to the policy server, 
allowing a member node the authority to determine who is an authorized member (Mukherjee, 
pg. 4, [0048]).

60. As per claim 5, Hanzlik, in view of Mukherjee, discloses The method according to 
claim 5 [interpreted to mean claim 4], as discussed above in the analysis of claim 4, but does 
not disclose wherein the step of identifying the at least one other member includes 
the step of forwarding a request for routing information to the at least one other
member, the request including an identifier for the group. However, Mukherjee 
discloses these additional limitations that are not disclosed by Hanzlik. Mukherjee discloses an 
invitation sent to a second member, where the invitation is simply a mechanism used to notify 
the second user of the VPN set up by the first user. To join, the second user must respond to the 
invitation (Mukherjee, pg. 5, [0055]). The invitation is effectively the request for routing 
information, as the session cannot be established without a response. It would be obvious to 
one skilled in the art to modify Hanzlik to include populating the member list, once created on 
the policy server (pg. 5, [0060]), by sending out a request for routing information for members 
of an identified or named group, making the process more automated and therefore easier to use 
(Mukherjee, pg. 6, [0076]). 

61. As per claim 6, Hanzlik discloses The method according to claim 4 [interpreted to 
mean claim 3], as discussed above in the analysis of claim 3, but does not disclose wherein the 
step of identifying includes the step of auto-discovering the at least one other 
member of the group in response to the registration request by issuing a request 
for routing information to other devices in the network, the request for routing 
information including an identifier for the group. However, Mukherjee does disclose 
these further limitations. Mukherjee states, "Augmenting the P2P-VPN with automatic network 
configuration procedures can provide easy networking to users without much knowledge about 
networking," (pg. 6, [0076]). It would be obvious to one skilled in the art to modify Hanzlik to
determine group members automatically, using auto-discovery means that are well known in the 
art, to populate the member list (pg. 5, [0060]) as one step in automatic configuration of a 
network, for the reasons disclosed by Mukherjee (i.e. ease of use for non-network savvy users). 

62. As per claim 8, Hanzlik discloses The device of claim 7 as is discussed above in the 
analysis of claim 7, but does not disclose wherein the functionality for identifying at 
least one of the two members of the group is auto-discovery logic. However, 
Mukherjee discloses this additional limitation. As discussed above in the analysis of claim 6, it 
would be obvious to one skilled in the art to modify Hanzlik by adding a well-known
auto-discovery means to populate determine other members of a group, where auto-discovery logic is
one of the auto-discovery means well known in the art. 

63. As per claim 16, Hanzlik discloses The network according to claim 15 but does not 
disclose wherein the means for identifying each of the members of the group 
includes a registration request having a list of all of the autonomous systems in 
the group. However, Mukherjee discloses these additional limitations. As discussed above in 
the analysis of claim 4, it would be obvious to one skilled in the art to modify Hanzlik to 
determine who gets added to a group member list that has been created on the policy server (pg. 
5, [0060]), i.e. to identify group members, by using the member list information provided by a 
member node when first connecting to the policy server, allowing a member node the authority 
to determine who is an authorized member (Mukherjee, pg. 4, [0048]). 

64. As per claim 17, Hanzlik discloses The network according to claim 16 [interpreted 
to mean claim 15], as discussed above in the analysis of claim 16, but does not disclose 
wherein the means for identifying each of the members of the group includes
auto-discovery means. However, Mukherjee discloses this additional limitation. As 
discussed above in the analysis of claim 6, it would be obvious to one skilled in the art to add a 
well-known auto-discovery means to populate determine other members of a group. 



65. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Mitra Tashakkori whose telephone number is 571-272-9069. The 
examiner can normally be reached on Mon-Thurs 8:30am-6pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Frantz Coby can be reached on 571-272-4017. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Conclusion 